realm

v1.206.2
Published: Feb 14, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package realm provides credential realm computation and validation for authentication isolation. A realm defines an isolated credential namespace, preventing collisions when the same identity names are used across different repositories or customer environments.

Constants

const (
	// EnvVarName is the environment variable name for overriding the auth realm.
	EnvVarName = "ATMOS_AUTH_REALM"

	// SourceEnv indicates the realm was set via environment variable.
	SourceEnv = "env"

	// SourceConfig indicates the realm was set via atmos.yaml configuration.
	SourceConfig = "config"

	// SourceAuto indicates the realm was not explicitly configured (empty realm for backward compatibility).
	SourceAuto = "auto"

	// MaxLength is the maximum allowed length for a realm value.
	MaxLength = 64
)

Variables

This section is empty.

Functions

func Validate

func Validate(input string) error

Validate checks that a realm value contains only allowed characters and follows all rules.

Validation rules:

  • Must contain only lowercase letters (a-z), digits (0-9), hyphens (-), and underscores (_)
  • Must not be empty
  • Must not exceed MaxLength (64) characters
  • Must not start or end with a hyphen or underscore
  • Must not contain consecutive hyphens or underscores
  • Must not contain path traversal sequences (/, \, ..)

Returns an error describing the validation failure, or nil if valid.

Types

type RealmInfo

type RealmInfo struct {
	// Value is the realm identifier used for credential isolation.
	Value string

	// Source indicates how the realm was determined: "env", "config", or "auto".
	Source string
}

RealmInfo contains the computed realm value and its source.

func GetRealm

func GetRealm(configRealm, cliConfigPath string) (RealmInfo, error)

GetRealm computes the authentication realm with the following precedence:

  1. ATMOS_AUTH_REALM environment variable (highest priority)
  2. configRealm from atmos.yaml auth.realm configuration
  3. Empty realm (no isolation) for backward compatibility

Realm isolation is opt-in: credentials are stored without a realm subdirectory unless a realm is explicitly configured via the ATMOS_AUTH_REALM environment variable or the auth.realm config setting. This preserves backward-compatible credential paths for CI/CD environments. See: https://github.com/cloudposse/atmos/issues/2071

Returns an error if an explicit realm value (env var or config) contains invalid characters.
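The Validate rules and the GetRealm precedence described above, combined in one stand-alone program. This is an added example, not the package's own source: checkRealm and resolveRealm are hypothetical names, and it assumes that an empty environment value counts as unset and that mixed separator pairs such as "-_" are rejected.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// checkRealm re-implements the documented rules (hypothetical helper).
func checkRealm(s string) error {
	if s == "" || len(s) > 64 { // 64 is MaxLength on this page
		return errors.New("realm must be 1-64 characters")
	}
	if strings.ContainsAny(s, `/\`) || strings.Contains(s, "..") {
		return errors.New("realm contains a path traversal sequence")
	}
	prevSep := true // start counts as a separator; "-_" is also rejected (assumption)
	for _, r := range s {
		isSep := r == '-' || r == '_'
		if isSep && prevSep {
			return errors.New("leading or consecutive separator")
		}
		if !isSep && (r < 'a' || r > 'z') && (r < '0' || r > '9') {
			return fmt.Errorf("disallowed character %q", r)
		}
		prevSep = isSep
	}
	if prevSep {
		return errors.New("realm ends with a separator")
	}
	return nil
}

// resolveRealm: env > config > empty ("auto"); an empty env value counts as unset (assumption).
func resolveRealm(envValue, configRealm string) (string, string, error) {
	value, source := configRealm, "config"
	if envValue != "" {
		value, source = envValue, "env"
	}
	if value == "" {
		return "", "auto", nil // opt-in: no realm, so no realm subdirectory
	}
	if err := checkRealm(value); err != nil {
		return "", source, fmt.Errorf("invalid realm from %s: %w", source, err)
	}
	return value, source, nil
}

func main() { fmt.Println(resolveRealm(os.Getenv("ATMOS_AUTH_REALM"), "customer-a")) }
```

Because the realm ends up as a directory name in the credential path, an invalid explicit value is rejected with an error rather than silently falling back to the next source.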

func (RealmInfo) SourceDescription

func (r RealmInfo) SourceDescription(cliConfigPath string) string

SourceDescription returns a human-readable description of where the realm came from.
